couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Lehnardt <...@apache.org>
Subject Re: Issues blocking the 1.2.0 release
Date Thu, 16 Feb 2012 15:40:49 GMT

On Feb 16, 2012, at 16:12 , Jan Lehnardt wrote:

> 
> On Feb 14, 2012, at 13:14 , Noah Slater wrote:
> 
>> Devs,
>> 
>> Please outline:
>> 
>>  - What remains to be fixed for regression purposes
> 
> I want to bring up one more thing (sorry :).
> 
> /_users/_changes is currently end-user readable. While /_users/_changes?include_docs=true
will not fetch docs the requesting user doesn't have access to, it still gets all doc ids
in the /_users db and thus easily can generate a list of all users.
> 
> I'd like to propose to make /_user/_changes also admin-only before we ship 1.2.0. Again,
I'm happy to revisit and make things configurable down the road.
> 
> Note that the information that a particular user is registered is leaked (a user can't
sign up with a username that is already taken, from that it can be deduced that that particular
username is already registered). This is in line with most signup systems. Making /_users/_changes
admin-only doesn't prevent all leakage of what users have signed up, but it stops bulk-leakage
of *all* users in one swoop.
> 
> What do you think?

And a patch & tests for your consideration: https://github.com/janl/couchdb/commit/a61a2068a9ff8c1b9c7dc3596a999a6e164c0d42

Cheers
Jan
-- 



Mime
View raw message